Monthly Archives: January 2014


Preparations for a blended IT environment

Although the author discussed preparations for hybrid cloud, his points apply to most IT organisations now: "This growth in the use of cloud services requires IT managers to re-evaluate their role."

What role, then? As a broker rather than a builder. In most enterprises, the IT manager will not build applications from scratch. Cost and time constraints require them to source cloud applications while managing outsourcing risk, data privacy and security issues.

Public availability of ISO/IEC 29100:2011 Privacy framework

Last May, at the ISO SC27 meeting held at Sophia Antipolis, WG5 (Identity Management and Privacy Technologies) voted to make the ISO 29100 Privacy framework a public document. After endorsement by the JTC 1 Plenary at its November 2013 meeting, the standard is now available at http://standards.iso.org/ittf/PubliclyAvailableStandards/index.html (search for 29100). Another document listed there is ISO 27000 Information security management systems — Overview and vocabulary.

For most people in the IT security industry, the relationship between the owner, processor and user of PII is confusing. Table I in ISO 29100 provides a clear and user-friendly way to understand their relationships.

Note from the 2016 SC27 WG5 meetings: a new edition improving consistency and language is planned. The new version shall be ready next year.

Privacy Protection Principles: comparing ISO 29100 with Singapore and Hong Kong legislation

ISO29100